1. Naday,
Hi there,
I recently helped a friend change her username, and she also asked me to change her password. However, there seems to be a bug in the system that I would like to bring to your attention.
Here's what happened: after I changed her username, it was pending for review by the helpers, as expected. Then, I changed her password successfully. However, my friend left the playroom for a while and when she tried to log in again, she used her old username (which hadn't been validated yet) with the new password I had set for her. Surprisingly (not), she was able to log in successfully at that time.
But the issue came when her username got validated later on. She tried to log in again using her validated username and the new password, but she couldn't log in. It only worked when she used the old password, which should have been invalid by then.
This is concerning because if someone changes their password for security reasons, they would expect their old password to be invalidated. However, in this case, the old password still works even after the username has been validated. It could potentially allow unauthorized access to user accounts if someone else knew the old password. While it's up to users to keep their passwords secure and not share them, this bug contains a potential vulnerability that needs to be looked at.
Skor: +0